package com.baidu.manager.common.xss;

import com.baidu.manager.common.exception.JqlException;
import java.util.Locale;
import org.apache.commons.lang.StringUtils;

/**
 * @Author: jql
 * @description: TODO()
 * @Date: Created by 15:37 2018/4/13
 */
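public class SQLFilter {

    /**
     * Substrings that cause the input to be rejected. Matching is a plain
     * case-insensitive substring test, so ordinary words such as "selected" or
     * "updated" are rejected as well (false positives are accepted by design here).
     *
     * NOTE(review): "alert" is probably a typo for the SQL keyword "alter"; it is
     * kept as-is because changing it alters which inputs callers see rejected — confirm.
     */
    private static final String[] KEYWORDS = {
        "master", "truncate", "insert", "select", "delete", "update", "declare", "alert", "drop"
    };

    /**
     * Sanitises a user-supplied string before it is placed into an SQL statement.
     *
     * <p>This is a denylist filter: it strips quote, semicolon and backslash
     * characters, lowercases the remainder and rejects it if any entry of
     * {@link #KEYWORDS} occurs as a substring. A denylist is not a substitute for
     * parameterised queries ({@code PreparedStatement} with {@code ?} placeholders);
     * it only reduces the attack surface when the value must be concatenated.
     * Callers should be aware that the returned value is lowercased and has the
     * characters above removed, i.e. the input is modified, not just validated.
     *
     * @param str the raw input; may be {@code null}
     * @return {@code null} if {@code str} is {@code null}, empty or whitespace only;
     *         otherwise the stripped, lowercased string
     * @throws JqlException if the stripped, lowercased string contains a denylisted keyword
     */
    public static String sqlInject(String str) {
        // Blank input has nothing to filter. (The original test was inverted:
        // non-blank input returned null and blank/null input fell through to an NPE.)
        if (StringUtils.isBlank(str)) {
            return null;
        }

        // Remove the characters most commonly used to break out of a string literal.
        str = StringUtils.replace(str, "'", "");
        str = StringUtils.replace(str, "\"", "");
        str = StringUtils.replace(str, ";", "");
        str = StringUtils.replace(str, "\\", "");

        // Locale.ROOT: the default locale can change case mapping (e.g. Turkish
        // dotless i), which would let "INSERT" miss the lowercase "insert" check.
        str = str.toLowerCase(Locale.ROOT);

        for (String keyword : KEYWORDS) {
            if (str.contains(keyword)) {
                throw new JqlException("包含非法字符");
            }
        }

        return str;
    }
}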
